Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

suddenly unable to logon to laptop when remote: "Domain is unavailable".

Posted on 2006-11-27
8
Medium Priority
?
421 Views
Last Modified: 2010-04-18
I am hoping that someone out there has seen this issue before and can help me understand what happened.  I have a user with a laptop who often works remotely.  She has a non-roaming profile, so when remote, she logs into her computer using her domain credentials and uses the local profile, all as we would expect.  This has been working for about a year.

Suddenly today, she was trying to start a program using "run as" for admin rights (as she has done successfully for many months).  The system refused the password ("...username or password are incorrect").  I had her log off and try logging on as that user, but it would not do so because "the domain controller cannot be reached".  "OK", i think, "maybe I never logged into her computer as that admin user".  So I have her try using my admin credentials that I know I have used on her machine before, and it logs in ok.  I have her log back in as herself and try to "run as" the account that we just succeeded as logging in as, but it tells her "bad username or password".  

Frustrated, I think I will have her log back in under my credentials and make her account a local admin.  However, once we log out, we are no longer able to log in as this same admin user; we get "the domain controller cannot be reached.".  In fact, we can no longer log in even as her original user!  We appear to be completely unable to log into the machine because it cannot find a DC!!  

I have never had this problem before and am rather stumped as to what could have caused it?  Does anyone out there have any idea
   A) why might this happen?
   B) how can I get around the problem?
   C) how can I prevent it happening again?

I am working on solving number B right now.  Currently, I have the user looking for a network cable she can borrow.  I am thinking maybe I can have her put a check in "log in using dial-up networking" and connect to the VPN as she logs in. thus allowing her computer to talk to the domain controller.  Any thoughts on if this would work?

The user is remote for a series of meetings and not having access to her computer is causing a LOT of stress right now, so any thoughts on solving this are greatly appreciated!

Thank you!
0
Comment
Question by:boydicus
  • 5
  • 3
8 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 18021924
It's all about the profile.

Runas will work as expected while connected to the domain.
Runas will work as expected, provided the credentials used have a profile on the machine (have logged on at least once on the domain).
Runas will not work when trying to use credentials that don't satisfy one of the above.

Now, changing the user's rights basically broke the "cached" security token and therefore broke the cached logon - which requires reaching out to the DC to rebuild the token and recache it.

The fix....connect it to the domain and log in once.

0
 
LVL 51

Accepted Solution

by:
Netman66 earned 1500 total points
ID: 18021955
As long as the VPN Connectoid is in the Dial Up entries, then using dial up should work.

To fix her temporarily if everything else fails, have her logon with your credentials (which should still be cached) and create a local user account that is part of the admin group.

She can then get her stuff via Documents and Settings\Profile of user\My Documents and/or Desktop.

0
 

Author Comment

by:boydicus
ID: 18022210
Netman66, thanks for your reply.  Please note that I never got a chance to change the user's profile.  In fact, it appears that "the problem" occurred while she was logged in.  I logged her out, then logged in as myself once, then logged in as herself once, and after that have been unable to log in as anyone.  The original account she was trying to use for "run as" was a local admin account, for what it is worth.

Any further thoughts would be greatly appreciated.
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
LVL 51

Expert Comment

by:Netman66
ID: 18023178
Didn't I read that when you logged in you added her to the Admin group?

Runas the local Admin account shouldn't have thrown any errors though...

So, the local Admin account doesn't work either?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18023263
You may also want to check to see if her actual account in AD has expired as well.

0
 

Author Comment

by:boydicus
ID: 18025248
no, when I logged in as me initially it was just to see if it was possible.  I didnt think of adding her to admin group until my credentials failed on "run as".  Then I tried to log in as me again but was denied.  At that point I was unable to log back in as anyone.  

I used Remote Desktop to connect to a machine on her local network and was able to log in as her, so her account is good.  
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18032287
Well, unless you can get her logged in with a local account, it may be necessary to have her log back in while connected to the LAN.

It sounds like all the cached credentials are messed up.

0
 

Author Comment

by:boydicus
ID: 18040639
agreed.  To make it even more bizarre, she sent me a message that she just kept trying and trying the different accounts out of desperation, and suddenly "it started working".  I believe that she was able to log in using the connection to the VPN and this refreshed the credentials.  She can't confirm that this happened since by the end she was pretty much just flailing around.  I just wish I knew why this happened and how to guard against it in the future.  Thanks for the help.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Screencast - Getting to Know the Pipeline

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question